package com.hopu.day8_security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;

/**
 * Security的配置
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 配置密码加密器
     * @return
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private JdbcTokenRepositoryImpl jdbcTokenRepository;

    /**
     * 配置登录的账号、密码和角色、权限   Authentication 验证  Authorization 授权
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        //内存中的登录验证
//        auth.inMemoryAuthentication()
//                .withUser("zhangsan")  //账号
//                .password(new BCryptPasswordEncoder().encode("123")) //密码
//                .roles("ADMIN","USER") //角色
//                .and()
//                .withUser("lisi")  //账号
//                .password(new BCryptPasswordEncoder().encode("123")) //密码
////                .roles("USER") //角色
//                .authorities("USER_LIST"); //权限
        auth.userDetailsService(userDetailsService);
    }

    /**
     * 页面资源的授权
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //对请求进行授权
        http.authorizeRequests()
                .antMatchers("/page/login.html").permitAll()  //放行
                .antMatchers("/page/admin/**").hasRole("管理员") //必须有对应角色才能访问
                .antMatchers("/page/user/**").hasAnyAuthority("采购审核","销售订单")
                .anyRequest().authenticated()  //其它的请求需要登录
                .and()
                .formLogin()//登录配置
                .loginPage("/page/login.html") //将登录页面配置为自定义的
                .loginProcessingUrl("/doLogin") //配置默认处理登录的URL
                .defaultSuccessUrl("/page/main.html") //登录成功后的页面
                .and()
                .logout()//登出配置
                .logoutUrl("/logout")  //登出url
                .logoutSuccessUrl("/page/login.html")//登出页面
                .and()
                .rememberMe()//配置记住我
                .rememberMeParameter("rememberMe") //配置表单参数名
                .tokenRepository(jdbcTokenRepository) //配置jdbc操作
                .tokenValiditySeconds(24 * 3600) //保存时间
                .and()
                .csrf().disable(); //关闭CSRF防御
    }
}
